I'm using Devise in a mounted engine (my_engine) in my Rails application (my_application). This works quite well, but there's still one problem: if a user tries to access a restricted resource (i.e. a page that's protected with a before_filter authenticate_user!) Devise/Warden generates a 401 response and redirects to the sign_in url. Unfortunately this sign_in url is not prefixed with the engine's mount path.
So my problem ist that the url that Devise uses for forwarding the browser to the sign_in page is wrong.
The engine's routes.rb file is...
My_Engine::Engine.routes.draw do
devise_for :users, {
class_name: "My_Engine::User",
module: :devise,
controllers: {registrations: 'my_engine/users/registrations'}
}
devise_scope :user do
get 'users/registrations/after_sign_up/:id' => "users/registrations#after_sign_up", as: :after_sign_up
get 'users/registrations/after_confirm/:id' => "users/registrations#after_confirm", as: :after_confirm
end
end
The generated routes are all ok:
Prefix Verb URI Pattern Controller#Action
my_engine /my_engine My_Engine::Engine
Routes for My_Engine::Engine:
new_user_session GET /users/sign_in(.:format) devise/sessions#new
user_session POST /users/sign_in(.:format) devise/sessions#create
destroy_user_session DELETE /users/sign_out(.:format) devise/sessions#destroy
user_password POST /users/password(.:format) devise/passwords#create
new_user_password GET /users/password/new(.:format) devise/passwords#new
edit_user_password GET /users/password/edit(.:format) devise/passwords#edit
PATCH /users/password(.:format) devise/passwords#update
PUT /users/password(.:format) devise/passwords#update
cancel_user_registration GET /users/cancel(.:format) my_engine/users/registrations#cancel
user_registration POST /users(.:format) my_engine/users/registrations#create
new_user_registration GET /users/sign_up(.:format) my_engine/users/registrations#new
edit_user_registration GET /users/edit(.:format) my_engine/users/registrations#edit
PATCH /users(.:format) my_engine/users/registrations#update
PUT /users(.:format) my_engine/users/registrations#update
DELETE /users(.:format) my_engine/users/registrations#destroy
user_confirmation POST /users/confirmation(.:format) devise/confirmations#create
new_user_confirmation GET /users/confirmation/new(.:format) devise/confirmations#new
GET /users/confirmation(.:format) devise/confirmations#show
after_sign_up GET /users/registrations/after_sign_up/:id(.:format) my_engine/users/registrations#after_sign_up
after_confirm GET /users/registrations/after_confirm/:id(.:format) my_engine/users/registrations#after_confirm
Now when I access a protected resource, Devise generates a 401 and redirects to the sign_in path, but the url is not prefixed with '/my_engine`.
It uses /users/sign_in, but it should use /my_engine/users/sign_in.
19:41:11 web.1 | Started GET "/my_engine/users/edit" for ::1 at 2015-03-09 19:41:11 +0100
19:41:11 web.1 | Processing by My_Engine::Users::RegistrationsController#edit as HTML
19:41:11 web.1 | Completed 401 Unauthorized in 1ms
19:41:11 web.1 |
19:41:11 web.1 |
19:41:11 web.1 | Started GET "/users/sign_in" for ::1 at 2015-03-09 19:41:11 +0100
19:41:11 web.1 |
19:41:11 web.1 | ActionController::RoutingError (No route matches [GET] "/users/sign_in"):
19:41:11 web.1 | actionpack (4.2.0) lib/action_dispatch/middleware/debug_exceptions.rb:21:in `call'
Has anyone encountered this before ? It seems that there is a related problem with omniauthenticable in engines, but I'm not sure if they share the same cause.
Check out Ativ's answer, which solved my problem.
In short, I had to add a Devise::FailureApp to the engine's lib folder, tell Devise to use it and load it upon start.
See github for details.